
In this episode of the Future of Application Security, Harshil speaks with Emre Saglam, Head of Security and Compliance at Dremio, a data lakehouse that empowers data engineers and analysts with easy-to-use self-service SQL analytics. They discuss the current state of AppSec, including how to improve security by prioritizing business implications, using frameworks, and having tools "closer to the ground." They also talk about how to structure security teams, how much time you should spend with product teams, what skills are needed for future success, and more.
Topics discussed:
Emre's career evolution in security, from breaking into mailboxes as a kid growing up in Turkey, to starting a Linux group in the 1990s, to working at places like World Bank and Salesforce before becoming the Head of Security and Compliance at Dremio.
The current challenges of Product Security, including the need for bigger companies to create ways to glue together their disconnections, and why security teams need to prioritize overall business implications and impact.
How security is improving through the use of frameworks and tools that are "closer to the ground," making security easier to scale.
Why security teams should adopt strategies like injecting security across each phase of product development, and why security teams should spend more time with the product team.
How to structure security teams in terms of which skills to hire, how much time to dedicate to the product side, how to keep up morale and motivation, and how to align teams to create secure products for customers.
How security teams can bring attention to areas where they may need more resources, planning, or prioritization, and why alignment with leadership is key.
Why curiosity, questioning intention, being firm, having a Plan B, and good communication are skills that security team members must acquire in order to be successful.
Why the future of product security will be better correlation, deduplication, and few false positives, and how AI will contribute to being able to write better code.
Apr 19, 2023
37 min

In this episode of the Future of Application Security, Harshil speaks with Mohit Kalra, Vice President of Product Security at Sprinklr, a platform that enables the world's largest enterprises to market, advertise, research, care, and engage consumers. Together, they take a look at the overall management of product security in a SaaS organization that needs to keep a large amount of customer data safe. Mohit's advice includes how to prioritize your product security program, become more aware of your environment, make listening and learning a security process, and other useful tips, tricks, and strategies that any security leader can take and apply to their team today.
Topics discussed:
How a Product Security leader should think about security maturity, for more reliable and repeatable actions.
Why it's key to better understand your products and applications before you implement preventative controls.
How to become more aware of what you have in your environment, where to start if you don't know what to secure, and how to create processes for remediation of issues that you find.
How to establish listening as a process, and why it's key in getting to better know your products, teams, and business trajectory.
Why ProdSec is an incremental process and has a problem of prioritization
How to calculate your organization's risk, and why security starts with assessing the needs of the company.
Why the best approach to remediation is to strategically ticket your security backlog, and how to do so in order to make the most progress.
Apr 12, 2023
36 min

In this episode of the Future of Application Security, Harshil speaks with Derek Fisher, the Head of Product Security at Envestnet, a publicly traded financial technology company that connects people's daily financial decisions with their long-term financial goals. Derek is a highly accomplished professional with an exceptional track record in engineering and information security. With his experience as an award-winning author, speaker, leader, and university instructor, Derek provides valuable insights into the world of application security and risk management.
Key topics discussed:
The step-by-step approach to build a mature application security program.
Utilizing tools like dynamic scanners and software composition for vulnerability management.
Collaboration with product and engineering teams to stay informed about upcoming changes.
Importance of early involvement in the development lifecycle to enhance security.
The role of enterprise architecture teams in the application security process.
Challenges in tracking and responding to development team activities in agile environments.
Resources mentioned:
Derek's book, "The Application Security Program Handbook"
Derek's children's book, "Alicia Connected"
Apr 5, 2023
38 min

In this podcast episode of the Future of Application Security, Harshil speaks to Cassie Crossley, VP of Supply Chain Security at Schneider Electric, a global specialist in energy management and automation, Cassie is responsible for overseeing the cybersecurity strategy and ensuring the security of the company's products and services. With a wealth of experience from her leadership roles at well-known companies like Ceridian, Hewlett-Packard, McAfee, Lotus, and IBM, Cassie brings a unique perspective and valuable insights to the discussion on software supply chain security.
Key Topics Discussed:
Addressing sophisticated threats in software supply chains.
Integrating supply chain security into CISO priorities.
Focusing on third-party suppliers and open source risks.
Utilizing tools and frameworks like SSDF for supply chain security.
Understanding and evaluating supply chain risks for CISOs.
Developing IoT cybersecurity standards.
Mar 29, 2023
39 min

In this special episode of the Future of Application Security, Harshil interviews Eric Sheridan, Tromzo’s recently appointed Chief Innovation Officer. Eric shares his 20-year journey in security, from his teenage encounter with Punters (little apps that would flood the target with AIM messages and knock them offline) to developing innovative security technologies at companies including WhiteHat Security (now part of Synopsys). They discuss Eric's experience in building security testing tools, co-founding a company specializing in scanning source code for vulnerabilities, and working on various application security projects throughout his career. The conversation delves into the current challenges and future trends of software and cloud security, emphasizing the need for a holistic approach, the importance of democratizing security, and how to integrate security into the workflows of developers and decision-makers.
Key topics discussed throughout the conversation:
Understanding an organization's assets and the importance of a single pane of glass for visibility.
The role of product security teams in providing guidance and operational support to engineering teams.
The impact of developer-oriented products on security and the future role of application security engineers.
Benefits of automated policy enforcement and integrating security into CI/CD pipelines.
Importance of actionable insights for risk owners to effectively remediate vulnerabilities.
The evolving role of application security teams in the context of democratizing security.
The importance of integrating security products within non-traditional security tooling platforms, such as GitHub, GitLab, Jfrog, and Datadog.
Mar 28, 2023
29 min

In this episode, Harshil is joined by Martin Nystorm, Vice President Of Product Security at Lumen.
Lumen is the world’s largest provider of communications, network services, and cloud security solutions. The Lumen platform enables companies to capitalize on emerging technologies and next-gen business applications, offering simplified security solutions that allow their customers to shift their focus from IT to innovation.
Mar 16, 2023
30 min

In this episode, Harshil chats with Bradley Petzer, Senior Director of Product Security at KnowBe4. Bradley shares the importance of finding the right balance between compliance and security, and why priority should be given to having true risk management solutions in place.
Mar 2, 2023
28 min

In this episode, Harshil chats with Emmy Eide, Director of Product Security at Red Hat, a leading provider of open source software solutions that enable enterprises to seamlessly work across various platforms and environments.
Emmy shares how she came to lead the team handling software supply chain security at Red Hat, and gives us a look into what makes for a good software supply chain security program - by utilizing tools, risk management best practices, and implementing security controls to protect the supply chain from threats and vulnerabilities.
Feb 15, 2023
30 min

In this episode, Harshil is joined by Naomi Buckwalter, Director of Product Security at Contrast Security. Contrast Security is an application security platform that helps developers and security teams write secure code and protects business applications against targeted cybersecurity attacks. The Contrast platform is able to effectively identify actual vulnerabilities from false positives, resulting in faster remediation.
With more than two decades of experience in IT and Security, Naomi shares some tips on how to run a product security program, how to build a diverse team, and how to refine the hiring process to empower managers to choose the right candidates.
Topics discussed:
How Naomi came to lead the product security team at Contrast Security
The story behind Cybersecurity Gatebreakers, Naomi’s nonprofit foundation advocating for and supporting the next generation of cybersecurity professionals
The supposed talent shortage in cybersecurity, and the challenges in finding and hiring the right talent
How to choose the right questions during an interview and what to prioritize during the hiring process
Naomi’s LinkedIn course that’s providing valuable educational content on how to be better security leaders
Naomi’s book recommendation for cybersecurity leaders
How to come up with a reprioritizing plan to counter the effects of a workforce reduction
Jan 18, 2023
35 min

Technology has been growing by leaps and bounds but most supply chain processes for shipping, storing, and trading goods have remained fragmented. Flexport is the first to connect the entire ecosystem of global trade, empowering buyers, sellers and logistics providers to grow and innovate. Flexport’s platform sets a new standard for global trade by simplifying supply chain management.
In this episode, we are joined by Kevin Paige, CISO at Flexport. Kevin utilizes his two decade long work experience in IT and security to help the company streamline and optimize business processes, mitigate risks, and accelerate growth by aligning IT initiatives with broader company goals.
Topics discussed:
Kevin’s work background and how he shifted from being in the military handling physical security, working as a security consultant for the government, to his current role at Flexport
His thoughts on the complexities of the CISO role and the trend of assigning CIO responsibilities to CISOs
How to strategize, plan, and make data driven decisions in the world of security
How application security has evolved and what the future will look like
The skills that every good product security person should have
The process Kevin’s security team follows in doing quarterly business reviews
Jan 5, 2023
32 min
Load more
